diff --git a/paramecio2/libraries/check_i18n.py b/paramecio2/libraries/check_i18n.py index e80cbb6..d31b720 100644 --- a/paramecio2/libraries/check_i18n.py +++ b/paramecio2/libraries/check_i18n.py @@ -9,7 +9,11 @@ import re from pathlib import Path from importlib import import_module from paramecio2.libraries.i18n import I18n -from settings import config +try: + from settings import config +except: + print('You need a settings directory with a paramecio2 configuration') + sys.exit(1) pattern=re.compile('^\w+\.(py|html|phtml|js)$') diff --git a/paramecio2/libraries/db/corefields.py b/paramecio2/libraries/db/corefields.py index 41a0a02..b6617a4 100644 --- a/paramecio2/libraries/db/corefields.py +++ b/paramecio2/libraries/db/corefields.py @@ -1,6 +1,7 @@ from paramecio2.libraries.db.webmodel import PhangoField from paramecio2.libraries.db import coreforms from paramecio2.libraries.i18n import I18n +from bs4 import BeautifulSoup class IntegerField(PhangoField): @@ -157,10 +158,17 @@ class HTMLField(TextField): def __init__(self, name, required=False): super().__init__(name, required) + self.trusted_tags=[] def check(self, value): - return re.sub('<.*?script?>', '', value) + soup=BeautifulSoup(value, features='html.parser') + + for tag in soup.findAll(True): + if tag.name not in self.trusted_tags: + tag.hidden=True + + return soup.renderContents().decode('utf-8') class ForeignKeyField(IntegerField): diff --git a/paramecio2/libraries/db/extrafields/datefield.py b/paramecio2/libraries/db/extrafields/datefield.py index 6e1f62c..a04bdca 100644 --- a/paramecio2/libraries/db/extrafields/datefield.py +++ b/paramecio2/libraries/db/extrafields/datefield.py @@ -20,7 +20,7 @@ class DateField(PhangoField): value=datetime.local_to_gmt(value) - elif not datetime.obtain_timestamp(value, False): + elif not datetime.obtain_timestamp(value): self.error=True self.txt_error=self.error_default diff --git a/paramecio2/libraries/db/extrafields/datetimefield.py b/paramecio2/libraries/db/extrafields/datetimefield.py index 38f15f4..082cbd4 100644 --- a/paramecio2/libraries/db/extrafields/datetimefield.py +++ b/paramecio2/libraries/db/extrafields/datetimefield.py @@ -20,7 +20,7 @@ class DateTimeField(PhangoField): value=datetime.local_to_gmt(value) - elif not datetime.obtain_timestamp(value, False): + elif not datetime.obtain_timestamp(value): self.error=True self.txt_error=self.error_default diff --git a/paramecio2/libraries/db/extrafields/jsonfield.py b/paramecio2/libraries/db/extrafields/jsonfield.py index 84eb3eb..da67236 100644 --- a/paramecio2/libraries/db/extrafields/jsonfield.py +++ b/paramecio2/libraries/db/extrafields/jsonfield.py @@ -1,4 +1,5 @@ from paramecio2.libraries.db.webmodel import WebModel, PhangoField +import sys try: import ujson as json @@ -77,7 +78,7 @@ class JsonValueField(PhangoField): except json.JSONDecodeError: - value={} + final_value={} self.error=True self.txt_error=self.error_default diff --git a/paramecio2/libraries/db/webmodel.py b/paramecio2/libraries/db/webmodel.py index 41a69da..37f5c7e 100644 --- a/paramecio2/libraries/db/webmodel.py +++ b/paramecio2/libraries/db/webmodel.py @@ -478,8 +478,8 @@ class WebModel: return False except: - self.query_error='Cannot insert the new row' - print(sys.exc_info()[0]) + self.query_error='Cannot insert the new row '+sys.exc_info()[0] + #print(sys.exc_info()[0]) return False c=len(values) diff --git a/setup.py b/setup.py index 14aa045..f32fd19 100644 --- a/setup.py +++ b/setup.py @@ -21,7 +21,7 @@ setup(name='paramecio2', url='https://bitbucket.org/paramecio/paramecio2fm/', packages=['paramecio2'], include_package_data=True, - install_requires=['flask', 'pymysql', 'sqlalchemy', 'colorama', 'python-slugify', 'mako', 'pillow', 'arrow'], + install_requires=['flask', 'pymysql', 'sqlalchemy', 'colorama', 'python-slugify', 'mako', 'pillow', 'arrow', 'beautifulsoup4'], entry_points={'console_scripts': [ 'paramecio2 = paramecio2.console:start', 'paramecio2db = paramecio2.libraries.db.dbadmin:start', 'paramecio2lang = paramecio2.libraries.check_i18n:start', ]},